Red-Team Engineer Penetration Tester

Cyber Advisors Inc, (CAI) located in Maple Grove, MN, is looking for a Red-Team Engineer Penetration Tester. CAI is a steadily growing IT managed services provider (MSP) business that specializes in a very high-quality, customer-focused approach to designing, managing, and maintaining our customer's IT environment. We have invested a tremendous amount of time to develop our technology, processes, and support platform. We are now adding to our team of outstanding individuals to help in our growth. Come grow with us!

Apply

Cyber Advisors, Inc. has been the recipient of multiple Top Companies to Work For awards by both Twin Cities Magazine and Star Tribune. Come and join a team where we solve a wide array of technology tasks, build individual skill sets, and have a good time doing it! We are looking to add a Red-Team Engineer Penetration Tester to our team. Cyber Advisors provides employees opportunities for growth and learning while servicing a dynamic customer base. Our customers depend on us as their technology consultants and you will be expected to play a major role in our growth and success. You will also build your own skill set as you are exposed to many different types of applications, environments, and platforms.

The Red-Team Engineer Penetration Tester role is a mid-level consulting position within the Cyber Advisors Security Practice responsible for cyber security Red-Team leadership and penetration testing support. This position requires exceptional personal ethics, along with a sense of confidence, guile, and authenticity while exercising one’s ability to misdirect and pretext directly in the face of a client. The role also requires solid leadership in three or more of the following areas: vulnerability analysis, wireless penetration testing, cloud or infrastructure penetration testing, web or mobile application penetration testing, or other demonstrated advanced Red-Team or Purple-Team capabilities, while allowing for on-the-job growth in areas where the candidate is weak. The role will collaborate as needed on many internal and client-facing security projects, and operational security initiatives. The ideal candidate will also support the development and operational activities of junior-level cyber analysts and engineers while helping to grow the security team’s Red Team skillset, processes, and playbooks.

Knowledge, Skills and Abilities:

  • Reflect the highest possible ethical and moral standards of Cyber Advisors Security Practice
  • Possess a deep understanding of both information security and computer science
  • Firm grasp of networking, applications, and operating system functionality and concepts across diverse manufacturers
  • Willingness to learn advanced concepts such as application manipulation, exploit development, and stealthy operations
  • Continuously learn new Red-Team techniques and obtain Red Team-oriented certifications suitable to the practice
  • Proven capability and willingness to perform or assist in discovery, triage, remediation, and evaluation of threats
  • Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell
  • Willingness to take direction and accept appropriate critical guidance

Responsibilities:

  • Conduct cybersecurity vulnerability assessments (Red Team activities) and Penetration Tests based on client organization’s requirements
  • Rapidly assimilate the latest information and react to new client environments on a weekly or monthly basis
  • Understand all the threat vectors into each environment and be able to accurately assess them
  • Perform network penetration, web application, and/or mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments (phishing, vishing, pretexting)
  • Utilize standard formats to create comprehensive and accurate reports and presentations for both technical and executive audiences
  • Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
  • Recognize and safely use attacker tools, Tactics, Techniques, and Procedures (TTPs)
  • Recognize and be willing to quickly identify and report accidents, errors, and misjudgments
  • Develop scripts, tools, or methodologies to enhance Security Practice Red Team processes
  • Intellectual curiosity and the ability to learn new skills and enhance old skills quickly
  • Ability to conduct client engagements with little or no supervision
  • Desire to share knowledge and skills, and to mentor less experienced staff
  • Review and analyze cyber threats and provide SME support and training to junior level security analysts and engineers
  • Interact with and assist other Cyber Advisors teams within the NOC and MSP practice on time sensitive, critical investigations of Cyber Advisors clients

Qualifications:

  • Mobile application assessments and penetration testing
  • Web application assessments and penetration testing
  • Shell scripting or automation of basic tasks using PowerShell, bash, Perl, Python, or Ruby
  • Developing, extending, or modifying exploits, shellcode or exploit tools
  • Developing applications in C#, ASP, .NET, C, Java (J2EE), or other high-level language
  • Developing mobile applications in Objective-C, Kotlin, Java, or other language
  • Reverse engineering malware, data obfuscation apps, or ciphers and ciphertext
  • Source code review for application control flow and security flaws

Must demonstrate 2-4 years’ experience in the following:

  • Strong skills in email, telephone, and physical social-engineering assessments (phishing, vishing, pretexting) required
  • Network penetration testing and manipulation of network infrastructure and components required
  • Demonstrate ability to write and to communicate clearly and concisely
  • Demonstrate ability to explain complex technical concepts to a non-technical audience
  • Demonstrate ability to manage and prioritize multiple tasks, aggressive targets, and deadlines
  • Demonstrate understanding of priorities and effective work procedures, self-manage work time and prioritize multiple tasks and problems
  • Familiarity with NIST SP 800 series, CIS Benchmarks, COBIT, and similar controls standards
  • Understanding of NIST CSF, CMMC, ISO 27000, and other security frameworks

Education and Certifications:

The successful candidate will hold:

  • 2-4+ years’ experience in network or cyber security focused on Red-Teams and pen testing
  • Solid understanding of the Penetration Testing Execution Standard (PTES)
  • Relevant pen testing related certifications include one or more CEH, GPEN, CPT, PenTest+, ECSA, CEPT, LPT, OSCP, or OSCE
  • Experience with DoD or LEO communities a plus
  • Active clearance a plus

Working Conditions and Physical Effort:

  • Must be responsive to client, company, and project emergencies
  • May require occasional out-of-state travel
  • This position includes both on-site and remote work activities and will require travel to the Maple Grove, MN, office on a regular (weekly or bi-weekly) cadence to be established with the manager
  • Ability and willingness to work from the office and from home as needed
  • Must be eligible to work in the US without sponsorship
  • Ability to travel up to 20%

Benefits:

  • Highly competitive pay based on experience and skills
  • Great opportunities for career advancement
  • Employer paid Health and Dental Insurance for CAI employee
  • 401k with employer matching
  • Disability and Life Insurance
  • Bonuses eligible
  • Vacation and PTO

If you are a hard-working, easy-going and experienced individual with a strong work ethic, we’d love to talk to you.

Must be able to pass a criminal background check and drug screen.

Cyber culture is like no other. First and foremost, we believe in taking care of our employees and their families. Whether we are blowing off steam on the company-owned boat club, gathering for a fun summer family picnic, or hosting sales –vs- engineering paintball war, we play just as hard as we work. We believe good things come to those who sweat.